Thread: Why Astaro Email Encryption is useless (or worse)
View Single Post
  #2 (permalink)  
Old 06-16-2009, 12:15 AM
BAlfson's Avatar
BAlfson BAlfson is offline
Moderator
  
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,390
Default
It is possible to configure the SMTP Proxy in an insecure fashion. If you do that, you are correct that the Astaro won't refuse to encrypt/sign emails presented for relaying from authenticated users.

When used with a good mail server (we use Exchange), it's the mail server that confirms the sender's identity. When we configure the Astaro, the only item on the 'Relaying' tab that can relay off the Astaro is the mail server, so most of your objections are obviated.

I'm not sure about your concern for the certs and private keys not being secure from the administrator of the Astaro. The point of the Astaro implementation is to facilitate encryption/signing in an unobtrusive way for the users. If you have one who has the skills and need for security from the administrator, just don't create him as an 'Internal User' and have him do encryption and signing in his email client.

Cheers - Bob
PS You must have gone to university in the US - your English is better than most native speakers!
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
Reply With Quote